8 matches found
CVE-2016-7999
ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to conduct server-side request forgery (SSRF) attacks via a URL in the var_url parameter in a valider_xml action...
CVE-2016-7981
Cross-site scripting (XSS) vulnerability in valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the var_url parameter in a valider_xml action...
CVE-2016-7980
Cross-site request forgery (CSRF) vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that execute the XML validator on a local file via a crafted valider_xml request. NOTE: this issue can be combin...
CVE-2016-7999
ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to conduct server-side request forgery (SSRF) attacks via a URL in the var_url parameter in a valider_xml action...
CVE-2016-7999
ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to conduct server-side request forgery (SSRF) attacks via a URL in the var_url parameter in a valider_xml action...
CVE-2016-7999
ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to conduct server-side request forgery (SSRF) attacks via a URL in the var_url parameter in a valider_xml action...
CVE-2016-7981
Summary: CVE-2016-7981 is an XSS vulnerability in SPIP 3.1.2 and earlier. The issue occurs in the valider_xml.php handler, where the var_url parameter in a valider_xml action can be exploited by remote attackers to inject arbitrary web script or HTML into victims’ browsers. This is confined to SP...
CVE-2016-7999
CVE-2016-7999 affects SPIP 3.1.2 and earlier, where ecrire/exec/valider_xml.php accepts a URL in the var_url parameter of the valider_xml action, enabling remote attackers to perform server-side request forgery (SSRF). Multiple sources corroborate the SSRF risk in SPIP. The NVD reports CVSS v2 ba...